Anyone Running Linux as Their Primary OS?

Comments

  • wastedtime Member Posts: 586
    hypnotoad wrote: »
    I think Linux is great and has a big place in the world, but for me there's just no incentive to use it. It would be like learning to speak Chinese. Yeah, it's neat, but what is the utility in this?

    Right now there probably isn't for you. A tool you don't know how to use is rarely better than a tool you don't have at all. But I can promise you that if you learn how to use Linux it will come in handy at some time. The more tools you have in your toolbox that you know how to use the more valuable you are.
  • dynamik Banned Posts: 12,312
    Hyper-Me wrote: »
    If you had read the rest of my post it would probably make sense.

    No, it doesn't. Saying malicious code is a moot point and we are less at risk today than in 2001 is blatantly wrong. While technical controls have undoubtedly improved since then, I think your reliance on them is giving you a false sense of security.

    UAC is a great addition to the OS, but people often click through it or disable it out of annoyance. Signature-based AVs are pretty good (check AV Comparatives; even the best ones missed thousands) at detecting known viruses, which won't help you out at all if someone's targeting you and bringing something custom to the table.

    I'm far from an expert at defeating AV, but I've done it successfully on numerous occasions. I pivoted through a large financial institution's network today simply by re-encoding meterpreter (which is normally detected, and their AV was up-to-date as of the morning). This is a basic technique that anyone can do by copy-pasting a line of text into a command line; it required extremely little in terms of knowledge or skill on my part.

    Heuristic detection might catch things like this in the future, but it has a long way to go. HIDS are another possible control that could be used to protect against such attacks, but they are difficult to implement and tune correctly.

    This isn't about either of our levels of technical knowledge, nor is this about any personal issue I have with you. I don't know if you're referring to your system, or a network you manage, but what you're saying is simply not representative of what is going on in the world at large.

    Attacks are undeniably increasing in number and complexity. SANS recently put on a brief vLive session entitled, "The Bad Guys Are Winning, So Now What?" where they discussed the current security climate. As you can probably tell from the title, they were not as optimistic as you. It doesn't bother me if you want to lob insults, but when it comes down to it, there doesn't seem to be any factual basis for the claims you're making.
  • earweed Member Posts: 5,192
    wastedtime wrote: »
    Right now there probably isn't for you. A tool you don't know how to use is rarely better than a tool you don't have at all. But I can promise you that if you learn how to use Linux it will come in handy at some time. The more tools you have in your toolbox that you know how to use the more valuable you are.
    Notice he said tools not certs. So before bringing up this or that cert get some know how. Learn how to use Linux. I'm almost totally inept at it and have been working with it off and on for months. Eventually I'll want to be a sys admin and will need to know Linux.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • apena7 Member Posts: 351
    earweed wrote: »
    Notice he said tools not certs. So before bringing up this or that cert get some know how. Learn how to use Linux. I'm almost totally inept at it and have been working with it off and on for months. Eventually I'll want to be a sys admin and will need to know Linux.

    Yup, whether you're a system admin or network admin, Linux knowledge goes a long way. Now, if only I can muster the energy to learn beyond the basics...
    Usus magister est optimus
  • earweed Member Posts: 5,192
    apena7 wrote: »
    Yup, whether you're a system admin or network admin, Linux knowledge goes a long way. Now, if only I can muster the energy to learn beyond the basics...
    I'm still struggling with the basics..lol
  • dynamik Banned Posts: 12,312
    earweed wrote: »
    I'm still struggling with the basics..lol

    Just stick with it and keep working slowly but surely. If you continually do that, you'll be amazed at how much knowledge you've amassed when you look back in the near future. Do something like set aside 15 minutes a day and experiment with a single tool. Read the man page for it and see what practical uses you can come up with for it on your own. Does it work well with any other tool you're familiar with? And so on...
  • tpatt100 Member Posts: 2,991
    DevilWAH wrote: »
    See I have never had a virus on my PC for many years now, but that is not due to the OS.

    Set up correctly and with someone who knows what they are doing, you should never get a virus on a PC. For many years I ran without an active virus scanner on my PC, and only a simple hardware firewall, and again never had any problems with viruses.

    On the other hand at work sitting behind a Government secure gateway, with tons of anti virus and anti malware systems, we still see viruses on users' PCs on a daily basis.

    The fact is that the people who write viruses still target Microsoft compared to Linux on what must be about a 100:1 + ratio. So the number of "real" Linux viruses/malware in the wild is a tiny % of those for Windows.

    And by default Linux is set up in a much more locked down state than Windows, or at least, whereas Microsoft are big on the community spirit and almost invite the outside in to the PC (which has many benefits I agree), Linux goes the other way and is much more shut off from the outside world.

    The argument about security is in my view a false argument. Linux is currently the more secure OS, not because it is fundamentally more secure in itself (although I would argue it does have the edge). But people who use Linux, because of the very fact it is less user friendly, generally have more knowledge of IT and the security threats that exist than your average 60 year old pensioner (no offence). And because Linux starts off with default settings that are secure and you have to open it up to make it vulnerable (and also to make it work as required). Couple these two facts together and you should expect that it suffers from less security issues.

    To put it another way, I have cleaned no less than 10 or so viruses off family PCs in the last 4 or 5 years, (about 7 users in total). But I have yet to hear of one member of the IT unit at work suffer an attack. (about 20+ of us).

    Security of a system has little to do with the OS running and much to do with the user.

    Not sure about Linux out of the box default is more secure than Windows. The past several years the Redhat, Solaris, HPUX boxes we scanned and audited had hundreds of findings that had to be corrected and documented before they could join our part of the DOD network.

    And I said this before but how do people who do not run virus scanners KNOW they don't have a virus? Many hijack background processes and most modify your registry. I don't have my registry memorized nor do I run a port monitor to watch for background processes using outbound connections from my PC.
  • DevilWAH Member Posts: 2,997
    tpatt100 wrote: »
    Not sure about Linux out of the box default is more secure than Windows. The past several years the Redhat, Solaris, HPUX boxes we scanned and audited had hundreds of findings that had to be corrected and documented before they could join our part of the DOD network.

    And I said this before but how do people who do not run virus scanners KNOW they don't have a virus? Many hijack background processes and most modify your registry. I don't have my registry memorized nor do I run a port monitor to watch for background processes using outbound connections from my PC.

    Because you scan your PC every week (just not a constant background scan) and 99.99% of viruses are introduced to PCs by the user doing something. Yes there are worms out there that self replicate but most viruses are malware that require the user to do something, and most of the rest that can self infect require the user to be running with admin privileges.

    This is a major difference between Windows and Linux, most Windows users run under an admin account, this is the "default". In Linux you run as an under privileged account. And only elevate up when required.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • tpatt100 Member Posts: 2,991
    DevilWAH wrote: »
    Because you scan your PC every week (just not a constant background scan) and 99.99% of viruses are introduced to PCs by the user doing something. Yes there are worms out there that self replicate but most viruses are malware that require the user to do something, and most of the rest that can self infect require the user to be running with admin privileges.

    This is a major difference between Windows and Linux, most Windows users run under an admin account, this is the "default". In Linux you run as an under privileged account. And only elevate up when required.

    Aww my mistake, you did mention you don't run an active scanner. I just assumed you were like many who just "know" they don't have a virus because they don't surf pron (really that word is censored??) or torrent junk on their PC lol.
  • tpatt100 Member Posts: 2,991
    earweed wrote: »
    I'm still struggling with the basics..lol

    I tried for years to "learn" linux. It was only when I got a project to upgrade a bunch of Redhat Servers did my motivation kick into overdrive to learn. Doing the clean installs and upgrades and setup plus hardening taught me more in a month than dinking around my home lab.
  • SrSysAdmin Member Posts: 259
    shaqazoolu wrote: »
    Unless you are rendering video, playing Crysis and working on something in CAD all at the same time, I'm not sure you'll tap that in Windows either.

    I'm a hardware junkie though so I completely understand why you would want to have that just to have it.

    I actually won it at my previous company's Christmas party last year so I didn't even have to pay for it
    Current Certifications:

    * B.S. in Business Management
    * Sec+ 2008
    * MCSA

    Currently Studying for:
    * 70-293 Maintaining a Server 2003 Network

    Future Plans:

    * 70-294 Planning a Server 2003 AD
    * 70-297 Designing a Server 2003 AD
    * 70-647 Server 2008
    * 70-649 MCSE to MCITP:EA
  • dynamik Banned Posts: 12,312
    DevilWAH wrote: »
    This is a major difference between Windows and Linux, most Windows users run under an admin account, this is the "default". In Linux you run as an under privileged account. And only elevate up when required.

    I think that's valid for knowledgeable users (just as experienced Windows users do not run as Administrator and use runas when necessary), but how many noobies are just going to re-run the last command with sudo in front of it, or click through the GUI prompt? This is the same point I was making earlier. Technical controls have fast out-paced user knowledge and awareness, and I think as Linux and OSX gain more popularity, you're going to see a lot of the same problems that have been plaguing Windows users for years.
  • DevilWAH Member Posts: 2,997
    dynamik wrote: »
    I think that's valid for knowledgeable users (just as experienced Windows users do not run as Administrator and use runas when necessary), but how many noobies are just going to re-run the last command with sudo in front of it, or click through the GUI prompt? This is the same point I was making earlier. Technical controls have fast out-paced user knowledge and awareness, and I think as Linux and OSX gain more popularity, you're going to see a lot of the same problems that have been plaguing Windows users for years.

    I think with the latest distributions (such as Ubuntu Lucid) we are already seeing it happen.
  • L0gicB0mb508 Member Posts: 538
    I ran Mepis as my primary OS for a few years actually. I never had any problems with it. My netbook is currently running Ubuntu NBR and I like it quite a bit.
    I bring nothing useful to the table...
  • SrSysAdmin Member Posts: 259
    I ran Mepis as my primary OS for a few years actually. I never had any problems with it. My netbook is currently running Ubuntu NBR and I like it quite a bit.


    Mepis is developed by WVU students isn't it? Is that why you used it?
  • it_consultant Member Posts: 1,903
    dynamik wrote: »
    I think that's valid for knowledgeable users (just as experienced Windows users do not run as Administrator and use runas when necessary), but how many noobies are just going to re-run the last command with sudo in front of it, or click through the GUI prompt? This is the same point I was making earlier. Technical controls have fast out-paced user knowledge and awareness, and I think as Linux and OSX gain more popularity, you're going to see a lot of the same problems that have been plaguing Windows users for years.

    Problems are always with the user (or a bad admin's, of which there are many) decisions INCLUDING poorly designed software. Windows Servers that run core Windows services last for years without needing reboots. Toss on a third party server software and WATCH OUT!
  • dynamik Banned Posts: 12,312
    And sometimes the AV software can be your worst enemy: ESET has NOD32 anti-virus update pains | THINQ.co.uk

    I like ESET, so that's a shame. It's happened to most major AV vendors at one point or another though...
  • tpatt100 Member Posts: 2,991
    Problems are always with the user (or a bad admin's, of which there are many) decisions INCLUDING poorly designed software. Windows Servers that run core Windows services last for years without needing reboots. Toss on a third party server software and WATCH OUT!

    Any Windows server that runs for years without a reboot is one seriously unpatched system.
  • it_consultant Member Posts: 1,903
    That's not necessarily true. A lot of the patches are vulnerabilities for things that the Windows server is not doing. A properly hardened Windows server won't be vulnerable to those attack vectors.

    HOWEVER, I always patch my servers because reboots don't take very long.
  • Ahriakin Member Posts: 1,799
    DevilWAH wrote: »
    This is a major difference between Windows and Linux, most Windows users run under an admin account, this is the "default". In Linux you run as an under privileged account. And only elevate up when required.

    Rather than get into the whole thing, I'll just say that one thing that has bothered me for years in the Linux vs. Windows security argument is that it's apparently a plus to run as a std. user in Linux and have to use SUDO for admin level work, but UAC in Windows (which is essentially a pre-emptive SUDO level prompt, with similar popups in Ubuntu and the like) is bad....
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • earweed Member Posts: 5,192
    Ahriakin wrote: »
    Rather than get into the whole thing, I'll just say that one thing that has bothered me for years in the Linux vs. Windows security argument is that it's apparently a plus to run as a std. user in Linux and have to use SUDO for admin level work, but UAC in Windows (which is essentially a pre-emptive SUDO level prompt, with similar popups in Ubuntu and the like) is bad....
    That's sort of what Hyper-me was talking about. UAC has helped to strengthen Windows security as long as the user doesn't disable it. Having UAC you are essentially always running as a standard user even if you have an admin account. It's there to prompt you to elevate your user credentials and to make it safer.
  • Hyper-Me Banned Posts: 2,059
    dynamik wrote: »
    bunch of stuff

    I never once said that attacks haven't increased or that the number of malware and viruses has decreased. However, even the most experienced of users had problems sometimes on XP/2000. I have noticed, on my personal systems and my work computer (this thread is about what people on this forum are using as their primary OS, not their network they manage) that infections have diminished to zero with the use of the aforementioned combination.

    And, of course, there are always the security guys selling the wrath of god type stuff....mass hysteria, dogs and cats living together peacefully, etc. Security, while extremely important is also two other things....terribly overblown, and impossible to achieve 100%. I don't think the majority of networks/computers are of any consolation to be hacked, and therefore oversecuring them simply hinders usability. At my last job we had a VPN setup where users had to authenticate to the VPN with a username/password and a pin code from a hardware token, and then authenticate to whichever machine they remoted into with their AD credentials; While that sounds easy peasy, a lot of people got frustrated and simply gave up using the VPN altogether.


    and as far as this goes

    If you'd quit making outrageous claims, backed up what you were saying with facts, and attempted to have a genuine discussion instead of rigidly trying to defend your position, you'd do much better for yourself.

    I don't think my claims are outrageous, you simply took them out of context. I also don't see you posting any facts to back anything up. Not that some random survey by an AV company would reflect my own personal experiences anyway. Lastly, I do fine for myself thank you very much.
  • Ahriakin Member Posts: 1,799
    I don't see a single place where he made an outrageous claim, and has backed up his argument with examples from personal experience and a number of links to reputable 3rd parties. I'm not saying you don't have a point but don't immediately dismiss Dynamik's because it doesn't agree with yours either.

    The thing is, to an extent, you are both right. When your security is so unwieldy that users either bypass it or stop using the systems behind it you have a problem, a mix of user-awareness and enforcement of policy vs. perhaps poor design on your part (because effective security policy and implementation HAS to take the human factor into account).
    On the other hand you can't assume that the basic controls are enough simply because you haven't been hit yet. A good security engineer anticipates threats, apprises management with a risk vs. cost analysis and then implements with the best design possible that will not interfere with the core business (and user education may be required as a compromise for the increased security systems required). While it's a mistake to overload on security vs. light risks it is a much worse mistake to ignore them.

    I guess it really comes down to the prime principle of infosec, and that is that your security policy needs to be dictated by your business needs. The problem is most see this as meaning that security should not interfere with the existing flow, when the reality is that in this day and age of liquid information security IS a part of that business. Thus there has to be balance and compromise, and you do need to err on the side of caution.
  • earweed Member Posts: 5,192
    One of the elements of Windows security is UAC. While some may think it "annoying" to have it pop up it does serve to protect you. UAC combined with a good AV (even just MSE) can serve to protect you. No matter what you use though your security is only as good as the least attempt of someone to circumvent it.

    Also please keep the focus on the post and not on the poster. Personal attacks are not tolerated very well here and should not be used. (The occasional Dynamik's mom joke is ok though)
  • Hyper-Me Banned Posts: 2,059
    Ahriakin wrote: »
    I don't see a single place where he made an outrageous claim, and has backed up his argument with examples from personal experience and a number of links to reputable 3rd parties. I'm not saying you don't have a point but don't immediately dismiss Dynamiks because it doesn't agree with yours either.

    The part about outrageous claims/facts/etc was the comment he left on my reputation.
  • veritas_libertas Member Posts: 5,746
    I'm not using it as my primary OS, and lately I don't even have it on VM...

    Oh well, after the MCITP:EA I will probably start using it more. I think I'm going to get a laptop and put it on that.
  • RobertKaucher Member Posts: 4,299
    DevilWAH wrote: »
    Because you scan your PC every week (just not a constant background scan) and 99.99% of viruses are introduced to PCs by the user doing something. Yes there are worms out there that self replicate but most viruses are malware that require the user to do something, and most of the rest that can self infect require the user to be running with admin privileges.

    This is a major difference between Windows and Linux, most Windows users run under an admin account, this is the "default". In Linux you run as an under privileged account. And only elevate up when required.

    And this is exactly why I don't even use AV on my home system, and I am no saint when it comes to web browsing, if you catch my drift.

    From the perspective of home use, I see no point in it myself. I do not use untrusted/pirated software and I have UAC turned on and I keep my stuff up-to-date. So unless I get pwned by some 0day browser attack in a third-party advertisement, I'm fine. And what good would an AV system be against that anyway?
  • RobertKaucher Member Posts: 4,299
    dynamik wrote: »
    Because there has clearly been a decrease in viruses and malware...

    Dynamik, can you go into more detail on this? Where are you getting the info for this and what is your opinion of why this is the case?
  • it_consultant Member Posts: 1,903
    I haven't had a virus in a long time despite nefarious browsing habits. Firefox and 'no-script!'.

    NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction

    It's the behavior, not the machine.
  • MentholMoose Member Posts: 1,525
    SrSysAdmin wrote: »
    What the hell am I going to do with all that power if I'm running Linux??? I may put Ubuntu or CentOS on an old laptop but there is no reason to use Linux on a box this powerful (when I'm not using it as a server).
    Ship it to me, I'll figure something out! Seriously though, that would make a decent virtual lab host. You could for example use VMware Workstation to set up a few virtual ESX machines and study for the VCP. Or install other VMs and study for whatever cert you want. Of course you can use Linux or Windows for that purpose, though.

    dynamik wrote: »
    Just stick with it and keep working slowly but surely. If you continually do that, you'll be amazed at how much knowledge you've amassed when you look back in the near future. Do something like set aside 15 minutes a day and experiment with a single tool. Read the man page for it and see what practical uses you can come up with for it on your own. Does it work well with any other tool you're familiar with? And so on...
    Nice advice. Once you learn a few CLI tools, you can start combining them, and then the CLI will become very powerful. It's kind of fun to write one-liners to accomplish some task or another, and it can be very useful. The other day at work I had to telnet into several hundred network devices, log in, run some commands, and save and format the output. I wrote a one-liner to handle it all using only bash commands and tools installed by default.

    Dynamik, can you go into more detail on this? Where are you getting the info for this and what is your opinion of why this is the case?
    This site has some info and a nice chart:
    Endpoint Security | Zero Day Attack Detection | Security Configuration Management

    I've seen similar charts from AV vendors but I can't find any right now. The difference between 2000 and 2010 is simply money. Back then you had viruses that were pranks and worms that did nothing more than propagate. Occasionally there were some destructive ones, deleting files or launching DDOS attacks, but most were not created for monetary reasons. Now there is a thriving black market with people building and selling commercial virus toolkits, people maintaining and renting botnets, and "bulletproof" datacenters that support criminal activity. Malware is now a full-fledged industry where people can make a living.
    MentholMoose
    MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
This discussion has been closed.